httpd-cvs mailing list archives

From jor...@apache.org
Subject cvs commit: httpd-2.0 CHANGES
Date Wed, 10 Nov 2004 12:53:06 GMT
jorton      2004/11/10 04:53:06

  Modified:    .        CHANGES
  Log:
  Synch with 2.0 branch.
  
  Revision  Changes    Path
  1.1630    +77 -67    httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.1629
  retrieving revision 1.1630
  diff -d -w -u -r1.1629 -r1.1630
  --- CHANGES	6 Nov 2004 07:56:20 -0000	1.1629
  +++ CHANGES	10 Nov 2004 12:53:06 -0000	1.1630
  @@ -14,9 +14,6 @@
        search filter.
        [Brad Nicholes]
   
  -  *) SECURITY: CAN-2004-0942, Fix for memory consumption DoS.
  -     [Joe Orton]
  -
     *) mod_usertrack: Run the fixups hook before other modules.
        PR 29755. [Paul Querna]
   
  @@ -54,11 +51,6 @@
     *) mod_rewrite: Removed the MaxRedirects option in favor of the
        core LimitInternalRecursion directive.  [André Malo]
   
  -  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
  -     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
  -     bypassed during an SSL renegotiation.  PR 31505.  
  -     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
  -
     *) mod_auth_ldap: Handle the inconsistent way in which the MS LDAP
        library handles special characters. PR 24437 [Jess Holle]
   
  @@ -461,6 +453,19 @@
   
   Changes with Apache 2.0.53
   
  +  *) SECURITY: CAN-2004-0942 (cve.mitre.org)
  +     Fix for memory consumption DoS in handling of MIME folded request
  +     headers.  [Joe Orton]
  +
  +  *) SECURITY: CAN-2004-0885 (cve.mitre.org)
  +     mod_ssl: Fix a bug which allowed an SSLCipherSuite setting to be
  +     bypassed during an SSL renegotiation.  PR 31505.  
  +     [Hartmut Keil <Hartmut.Keil adnovum.ch>, Joe Orton]
  +
  +  *) mod_ssl: Fail at startup rather than segfault at runtime if a
  +     client cert is configured with an encrypted private key.
  +     PR 24030.  [Joe Orton]
  +
     *) apxs: fix handling of -Wc/-Wl and "-o mod_foo.so". PR 31448
        [Joe Orton]
                                                                                   
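
Review bot: Two of the additions under "Changes with Apache 2.0.53" are not pure moves, and the log message "Synch with 2.0 branch." does not say so. The CAN-2004-0942 entry gains "in handling of MIME folded request headers" compared with the text removed at the top of the file, and the mod_ssl entry for PR 24030 has no matching removal anywhere in this diff. Suggest a line in the log noting that entries were reworded and added, so a later reader comparing the two files knows the difference is intended. The "PR 31505." line also keeps its trailing spaces.
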
  @@ -1157,13 +1162,15 @@
   
   Changes with Apache 2.0.48
   
  -  *) SECURITY [CAN-2003-0789]: mod_cgid: Resolve some mishandling of
  -     the AF_UNIX socket used to communicate with the cgid daemon and
  -     the CGI script.  [Jeff Trawick]
  +  *) SECURITY: CAN-2003-0789 (cve.mitre.org)
  +     mod_cgid: Resolve some mishandling of the AF_UNIX socket used to
  +     communicate with the cgid daemon and the CGI script.
  +     [Jeff Trawick]
   
  -  *) SECURITY [CAN-2003-0542]: Fix buffer overflows in mod_alias and 
  -     mod_rewrite which occurred if one configured a regular expression 
  -     with more than 9 captures.  [André Malo]
  +  *) SECURITY: CAN-2003-0542 (cve.mitre.org)
  +     Fix buffer overflows in mod_alias and mod_rewrite which occurred
  +     if one configured a regular expression with more than 9 captures.
  +     [André Malo]
   
     *) mod_include: fix segfault which occured if the filename was not
        set, for example, when processing some error conditions.
  @@ -1314,21 +1321,22 @@
   
   Changes with Apache 2.0.47
   
  -  *) SECURITY [CAN-2003-0192]: Fixed a bug whereby certain sequences
  -     of per-directory renegotiations and the SSLCipherSuite directive
  -     being used to upgrade from a weak ciphersuite to a strong one
  -     could result in the weak ciphersuite being used in place of the
  -     strong one.  [Ben Laurie]
  +  *) SECURITY: CAN-2003-0192 (cve.mitre.org)
  +     Fixed a bug whereby certain sequences of per-directory
  +     renegotiations and the SSLCipherSuite directive being used to
  +     upgrade from a weak ciphersuite to a strong one could result in
  +     the weak ciphersuite being used in place of the strong one.  
  +     [Ben Laurie]
   
  -  *) SECURITY [CAN-2003-0253]: Fixed a bug in prefork MPM causing
  -     temporary denial of service when accept() on a rarely accessed port
  -     returns certain errors.  Reported by Saheed Akhtar
  -     <S.Akhtar talis.com>.  [Jeff Trawick]
  +  *) SECURITY: CAN-2003-0253 (cve.mitre.org)
  +     Fixed a bug in prefork MPM causing temporary denial of service
  +     when accept() on a rarely accessed port returns certain errors.
  +     Reported by Saheed Akhtar <S.Akhtar talis.com>.  [Jeff Trawick]
   
  -  *) SECURITY [CAN-2003-0254]: Fixed a bug in ftp proxy causing denial
  -     of service when target host is IPv6 but proxy server can't create
  -     IPv6 socket.  Fixed by the reporter.  [Yoshioka Tsuneo
  -     <tsuneo.yoshioka f-secure.com>]
  +  *) SECURITY: CAN-2003-0254 (cve.mitre.org)
  +     Fixed a bug in ftp proxy causing denial of service when target
  +     host is IPv6 but proxy server can't create IPv6 socket.  Fixed by
  +     the reporter.  [Yoshioka Tsuneo <tsuneo.yoshioka f-secure.com>]
   
     *) SECURITY [VU#379828] Prevent the server from crashing when entering
        infinite loops. The new LimitInternalRecursion directive configures
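
Review bot: The context entry "*) SECURITY [VU#379828] Prevent the server from crashing ..." at the end of this hunk stays in the old bracketed form while the three entries above it move to "SECURITY: <id> (cve.mitre.org)". Anyone scanning CHANGES for security entries now has to match both styles. Suggest converting it in the same commit, in line with how the CVE-2002-0392 entry carries its id as "[CERT VU#944335]", or stating that only CVE/CAN ids use the new form.
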
  @@ -1360,16 +1368,17 @@
   
   Changes with Apache 2.0.46
   
  -  *) SECURITY [CAN-2003-0245]: Fixed a bug causing apr_pvsprintf() to crash 
  -     by sending an overly long string.  This can be triggered remotely 
  -     through mod_dav, mod_ssl, and other mechanisms.  Reported by David
  -     Endler <DEndler iDefense.com>.
  -     [Joe Orton <jorton redhat.com>]
  +  *) SECURITY: CAN-2003-0245 (cve.mitre.org)
  +     Fixed a bug causing apr_pvsprintf() to crash by sending an overly
  +     long string.  This can be triggered remotely through mod_dav,
  +     mod_ssl, and other mechanisms.
  +     Reported by David Endler <DEndler iDefense.com>.  [Joe Orton]
   
  -  *) SECURITY [CAN-2003-0189]: Fixed a denial-of-service vulnerability
  -     affecting basic authentication on Unix platforms related to
  -     thread-safety in apr_password_validate().  The problem was reported
  -     by John Hughes <john.hughes entegrity.com>.
  +  *) SECURITY: CAN-2003-0189 (cve.mitre.org)
  +     Fixed a denial-of-service vulnerability affecting basic
  +     authentication on Unix platforms related to thread-safety in
  +     apr_password_validate().
  +     Reported by John Hughes <john.hughes entegrity.com>.
   
     *) Fix for mod_dav.  Call the 'can_be_activity' callback, if provided,
        when a MKACTIVITY request comes in.
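
Review bot: The reworked CAN-2003-0189 entry ends at "Reported by John Hughes <john.hughes entegrity.com>." with no bracketed credit for whoever made the fix, unlike the CAN-2003-0245 entry directly above it, which ends "[Joe Orton]". The old text had the same gap; since the entry is being rewritten anyway, add the credit if it is known. In the CAN-2003-0245 entry, "to crash by sending an overly long string" reads as if the function does the sending; "to crash when passed an overly long string" would be clearer.
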
  @@ -1497,10 +1506,11 @@
     *) Fixed a segfault when multiple ProxyBlock directives were used.
        PR: 19023 [Sami Tikka <sami.tikka f-secure.com>]
   
  -  *) SECURITY [CAN-2003-0134] OS2: Fix a Denial of Service vulnerability 
  -     identified and reported by Robert Howard <rihoward rawbw.com> that 
  -     where device names faulted the running OS2 worker process.
  -     The fix is actually in APR 0.9.4.  [Brian Havard]
  +  *) SECURITY: CAN-2003-0134 (cve.mitre.org)
  +     OS2: Fix a Denial of Service vulnerability identified and
  +     reported by Robert Howard <rihoward rawbw.com> that where device
  +     names faulted the running OS2 worker process.  The fix is
  +     actually in APR 0.9.4.  [Brian Havard]
   
     *) Forward port: Escape special characters (especially control
        characters) in mod_log_config to make a clear distinction between
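
Review bot: The reflowed CAN-2003-0134 entry carries over the broken clause "that where device names faulted the running OS2 worker process". These lines are being rewritten, so fix the grammar here, for example "whereby device names faulted the running OS2 worker process".
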
  @@ -1518,11 +1528,12 @@
     *) Fix possible segfaults under obscure error conditions within the
        cgid daemon.  [Jeff Trawick, William Rowe]
   
  -  *) SECURITY [CAN-2003-0132]: Close a Denial of Service vulnerability
  -     identified by David Endler <DEndler iDefense.com> on all platforms.
  -     An unlimited stream of newlines were acceptable between requests
  -     where each <lf> would allocate an 80 byte buffer, leading very
  -     quickly to memory exahustion.  [Brian Pane]
  +  *) SECURITY: CAN-2003-0132 (cve.mitre.org)
  +     Close a Denial of Service vulnerability identified by David
  +     Endler <DEndler iDefense.com> on all platforms.  An unlimited
  +     stream of newlines were acceptable between requests where each
  +     <lf> would allocate an 80 byte buffer, leading very quickly to
  +     memory exahustion.  [Brian Pane]
   
     *) Added an rpm build script.
        [Graham Leggett, Joe Orton <jorton redhat.com>]
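
Review bot: The new CAN-2003-0132 text keeps the misspelling "exahustion" and the agreement error "stream of newlines were acceptable" from the old entry. Both sit on lines this hunk adds, so correct them here ("memory exhaustion", "stream of newlines was accepted").
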
  @@ -1966,14 +1977,14 @@
   
   Changes with Apache 2.0.43
   
  -  *) SECURITY [CVE-2002-0840]: HTML-escape the address produced by 
  -     ap_server_signature() against this cross-site scripting 
  -     vulnerability exposed by the directive 'UseCanonicalName Off'.  
  -     Also HTML-escape the SERVER_NAME environment variable for CGI 
  -     and SSI requests.  It's safe to escape as only the '<', '>', 
  -     and '&' characters are affected, which won't appear in a valid 
  -     hostname.  Reported by Matthew Murphy <mattmurphy kc.rr.com>.
  -     [Brian Pane]
  +  *) SECURITY: CVE-2002-0840 (cve.mitre.org)
  +     HTML-escape the address produced by ap_server_signature() against
  +     this cross-site scripting vulnerability exposed by the directive
  +     'UseCanonicalName Off'.  Also HTML-escape the SERVER_NAME
  +     environment variable for CGI and SSI requests.  It's safe to
  +     escape as only the '<', '>', and '&' characters are affected,
  +     which won't appear in a valid hostname.  Reported by Matthew
  +     Murphy <mattmurphy kc.rr.com>.  [Brian Pane]
   
     *) Fix a core dump in mod_cache when it attemtped to store uncopyable
        buckets. This happened, for instance, when a file to be cached
  @@ -1989,7 +2000,7 @@
        could lead to an infinite loop.  PR 12705  
        [Amund Elstad <amund.elstad ergo.no>, Jeff Trawick]
   
  -  *) SECURITY [CVE-2002-1156] (cve.mitre.org):
  +  *) SECURITY: CVE-2002-1156 (cve.mitre.org)
        Fix the exposure of CGI source when a POST request is sent to 
        a location where both DAV and CGI are enabled. [Ryan Bloom]
   
  @@ -2167,7 +2178,7 @@
   
   Changes with Apache 2.0.40
   
  -  *) SECURITY [CAN-2002-0661] (cve.mitre.org): 
  +  *) SECURITY: CAN-2002-0661 (cve.mitre.org) 
        Close a very significant security hole that 
        applies only to the Win32, OS2 and Netware platforms.  Unix was not 
        affected, Cygwin may be affected.  Certain URIs will bypass security
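
Review bot: The added line "*) SECURITY: CAN-2002-0661 (cve.mitre.org) " still ends in a trailing space, and unlike the entries for 2.0.46 through 2.0.48 the description below it is not reflowed, so "Close a very significant security hole that" stays as a short line. Suggest stripping the trailing space and reflowing the body for consistency with the rest of the commit. The same trailing space remains on the added CVE-1999-1199 line.
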
  @@ -2179,7 +2190,7 @@
        Reported by Auriemma Luigi <bugtest sitoverde.com>.
        [Brad Nicholes]
   
  -  *) SECURITY [CAN-2002-0654] (cve.mitre.org):
  +  *) SECURITY: CAN-2002-0654 (cve.mitre.org)
        Close a path-revealing exposure in multiview type
        map negotiation (such as the default error documents) where the
        module would report the full path of the typemapped .var file when
  @@ -2187,7 +2198,7 @@
        negotiation.  Reported by Auriemma Luigi <bugtest sitoverde.com>.
        [William Rowe]
   
  -  *) SECURITY [CAN-2002-0654] (cve.mitre.org):
  +  *) SECURITY: CAN-2002-0654 (cve.mitre.org)
        Close a path-revealing exposure in cgi/cgid when we 
        fail to invoke a script.  The modules would report "couldn't create 
        child process /path-to-script/script.pl" revealing the full path
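
Review bot: This entry and the one in the previous hunk are both labelled CAN-2002-0654, although one covers multiview type map negotiation and the other covers cgi/cgid failing to invoke a script. If the single id is meant to cover both, merging them under one "SECURITY: CAN-2002-0654 (cve.mitre.org)" heading with two sub-items would make that clear; otherwise check the id on one of them.
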
  @@ -2496,7 +2507,7 @@
        the pipes and spawning functionality working.
        [Brad Nicholes]
   
  -  *) SECURITY [CVE-2002-0392] (cve.mitre.org) [CERT VU#944335]:
  +  *) SECURITY: CVE-2002-0392 (cve.mitre.org) [CERT VU#944335]
        Detect overflow when reading the hex bytes forming a chunk line.
        [Aaron Bannert]
   
  @@ -6147,7 +6158,7 @@
        multiple places and allows for an SSL module to be added much
        simpler. [Ryan Bloom]
   
  -  *) SECURITY [CVE-2000-0913] (cve.mitre.org):
  +  *) SECURITY: CVE-2000-0913 (cve.mitre.org)
        Fix a security problem that affects certain configurations of
        mod_rewrite. If the result of a RewriteRule is a filename that
        contains expansion specifiers, especially regexp backreferences
  @@ -6537,7 +6548,7 @@
        container is VirtualHost or Directory or whatever.
        [Jeff Trawick]
   
  -  *) SECURITY [CAN-2000-1204] (cve.mitre.org):
  +  *) SECURITY: CAN-2000-1204 (cve.mitre.org)
        Prevent the source code for CGIs from being revealed when 
        using mod_vhost_alias and the CGI directory is under the document root
        and a user makes a request like http://www.example.com//cgi-bin/cgi
  @@ -8951,12 +8962,11 @@
        run-time configurable using the ExtendedStatus directive.
        [Jim Jagielski]
   
  -  *) SECURITY [CVE-1999-1199] (cve.mitre.org): 
  +  *) SECURITY: CVE-1999-1199 (cve.mitre.org) 
        Eliminate O(n^2) space DoS attacks (and other O(n^2)
        cpu time attacks) in header parsing.  Add ap_overlap_tables(),
        a function which can be used to perform bulk update operations
  -     on tables in a more efficient manner.
  -     [Dean Gaudet]
  +     on tables in a more efficient manner.  [Dean Gaudet]
   
     *) SECURITY: Added compile-time and configurable limits for
        various aspects of reading a client request to avoid some simple
  
  
  
